|
Security
Specifications
|
Protection Details
|
|
Firewall
Software Blade
|
|
Protocol/application support |
Secures more than 200
applications and protocols
|
|
VoIP protection |
SIP, H.323, MGCP, and
SCCP with NAT support
|
| Instant
messaging control |
MSN, Yahoo, ICQ, Skype,
GoogleTalk, and QQ Instant Messenger
|
|
Peer-to-peer blocking |
Kazaa, Gnutella,
BitTorrent, eMule, DirectConnect, Soulseek, Thunder,
and Winny
|
| Network
address translation |
Static/hide NAT
support with manual and automatic rules
|
|
Layer-2 bridge support |
Transparently
integrates into existing network
|
|
IPsec VPN
Software Blade
|
|
Encryption support |
AES 128-256 bit, 3DES
56-168 bit
|
| Authentication
methods |
Password, RADIUS,
TACACS, X.509, SecurID, LDAP
|
|
Certificate authority |
Integrated certificate
authority (X.509)
|
| VPN
communities |
Automatically sets up
site-to-site connections as objects are created
|
|
Topology support |
Star and mesh
|
| Route-based
VPN |
Utilizes virtual
tunnel interfaces; numbered/unnumbered interfaces
|
|
VPN agent support |
Complete Endpoint
security with VPN, desktop firewall
|
| SSL-based
remote access |
Fully integrated SSL
VPN gateway provides on-demand SSL-based access
|
|
SSL-based endpoint scanning |
Scans endpoint for
compliance/malware prior to admission to the network
|
|
IPS Software
Blade
|
|
Network-layer protection |
Blocks attacks such as
DoS, port scanning, IP/ICMP/TCP-related
|
|
Application-layer protection |
Blocks attacks such as
DNS cache poisoning, FTP bounce, improper commands
|
|
Detection methods |
Signature-based,
behavioral, and protocol anomaly
|
|
Advanced
Networking Software Blade
|
|
ISP redundancy |
Protocol-based,
source/destination and port route decisions
|
| Routing
support |
OSPF, BGP, RIP v1/2,
IGMP, PIM-DM, PIM-SM
|
|
Quality of Service |
Floodgate-1® provides
granular QoS control
|
| Server load
balancing |
ConnectControl
distributes connection requests using one of five
load balancing algorithms
|
|
Acceleration
and Clustering Software Blade
|
| CoreXL1 |
Balances security
decisions across multiple cores
|
|
SecureXL |
Offloading of security
inspection to a performance-optimized software
module
|
| SecureXL
firewall security features |
Access control,
encryption, NAT, accounting and logging,
connection/session rate, general security checks,
IPS features, CIFs resources, TCP sequence
verification, dynamic VPN
|
|
High availability |
Active/passive and
active/active failover options
|
| State
synchronization |
Ensures stateful
failover of connections
|
|
Sync members supported |
Up to 5 members
|
| Load balancing |
ClusterXL provides
near linear scaling
|
|
Link Aggregation |
Load balancing and
high availability the interfaces
|
| Critical
device notifications |
Network interfaces,
synchronization status, firewall policy status,
ClusterXL process status, and firewall process
status
|
|
Management and
reporting
|
| Centralized
management |
Managed by Check Point
centralized Security Management and Provider-1
|
|
Monitoring/logging |
SmartView Tracker™
provides advanced monitoring and logging
|
| Reporting |
Fully integrated with
the Monitoring, SmartReporter, and SmartEvent
Software Blades
|
|
Command line interface |
SSH
|
|
SecurePlatform
|
|
Secure OS |
Pre-hardened,
optimized operating system
|
| Web based
administration |
Enables quick, easy,
and secure administration from anywhere in the
network
|
|
Backup and restore |
For disaster recovery
planning
|
| Centralized
administrative rights |
RADIUS authentication
and RADIUS groups
|
|
DHCP support |
SecurePlatform™ DHCP
server and relay
|
